I am been taking a two day class on C/C++ secure coding, a required class for every coder within my group at Intel. First, I am so thankful I mostly don’t code in C/C++ because as I learned in the class, it’s quite challenging to write secure code that is not susceptible to stack overflow attacks or any number of other attacks. My co-worker Sandeep who works on Intel AMT Switchbox and Guardpost, both entirely built in C/C++ is going to have a challenge.
This said, C# is not immune to security issues and there is an ongoing debate whether the Intel AMT DTK C# and C/C++ tools should complete a security review. One argument is that as long at Intel AMT is secure and does not expose vulnerabilities, any Intel AMT tool is also safe and does not need to be reviewed. On the other hand, many people use the DTK source code for other projects and which we make no claims of security; it’s probably not a bad idea to check.
Right now, the DTK is not being checked for any security issues, but there are so design considerations that can, at a high level, help with security. One of them is to minimize or remove completely any listening sockets. In Intel AMT Commander there is one listening for SNMP traps, in Intel AMT Terminal there is also a socket used to connect debug terminals to pass serial-over-LAN information thru for debugging. On the agent side, Intel AMT Outpost have no incoming sockets, its powerful serial agent is connected to the serial-over-LAN COM port and so, relies on Intel AMT authentication.
I would like to invite the community to comment or post me directly any security issues you find with the DTK. I will certainly try my best to fix all of the issues.
Ylian (Intel AMT Blog)